@rdsedmundo
Created January 20, 2021 13:59
Get IAM permissions from CloudTrail logs
const _ = require('lodash');
const devHistory = require('../event_history_dev.json');
const prodHistory = require('../event_history_prod.json');
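(async () => {
  // Build an IAM policy statement list from the API calls recorded in the
  // dev and prod CloudTrail exports. Each statement groups the actions that
  // were observed against exactly the same set of resources.
  //
  // Caveats for whoever applies the output:
  //  - only calls that actually appear in the exports are covered, so the
  //    result is a starting point to review, not a complete policy;
  //  - CloudTrail omits `resources` for many APIs; those actions are emitted
  //    with `Resource: '*'` and should be narrowed by hand;
  //  - the action prefix is taken from `eventSource`, which matches the IAM
  //    service prefix for most but not all services (CloudWatch, for example,
  //    logs under `monitoring.amazonaws.com` but uses `cloudwatch:`), so
  //    check the generated prefixes before use.
  const events = [...devHistory.Records, ...prodHistory.Records];

  // "s3.amazonaws.com" -> "s3"; see the prefix caveat above.
  const serviceOf = (event) => event.eventSource.split('.amazonaws.')[0];

  // Resources an event touched as a deduplicated list of ARNs, or '*' when
  // CloudTrail recorded none. An empty `resources` array counts as none; the
  // previous `[] || '*'` kept the empty array and produced a statement whose
  // Resource was empty. Entries without an ARN are skipped (presumably
  // resource records can carry only a type — TODO confirm against the exports).
  const resourcesOf = (event) => {
    const arns = (event.resources ?? [])
      .map((resource) => resource.ARN)
      .filter((arn) => arn != null);
    return arns.length === 0 ? '*' : [...new Set(arns)];
  };

  // Widen `existing` with `incoming`. A wildcard on either side wins, because
  // '*' already covers any listed ARN; spreading the string '*' into the ARN
  // list, as the previous merge did, would instead leave a bogus '*' element
  // among real ARNs.
  const mergeResources = (existing, incoming) => {
    if (existing === '*' || incoming === '*') return '*';
    return [...new Set([...existing, ...incoming])];
  };

  // Stable identity of a resource set, used to group actions. Sorting makes
  // the key independent of the order in which ARNs were first seen, and the
  // JSON form survives ARNs that contain commas (the former comma-join /
  // split round-trip did not).
  const resourceKey = (resources) =>
    resources === '*' ? '*' : JSON.stringify([...resources].sort());

  // service name -> Map(iamAction -> resources), in first-seen order.
  const actionsByService = new Map();
  for (const event of events) {
    const serviceName = serviceOf(event);
    const iamAction = `${serviceName}:${event.eventName}`;
    const resources = resourcesOf(event);
    if (!actionsByService.has(serviceName)) {
      actionsByService.set(serviceName, new Map());
    }
    const actions = actionsByService.get(serviceName);
    const seen = actions.get(iamAction);
    actions.set(
      iamAction,
      seen === undefined ? resources : mergeResources(seen, resources),
    );
  }

  // One statement per (service, resource set); statements keep service order
  // and, within a service, the order in which each resource set first appeared.
  const statements = [];
  for (const actions of actionsByService.values()) {
    const groups = new Map();
    for (const [iamAction, resources] of actions) {
      const key = resourceKey(resources);
      if (!groups.has(key)) {
        groups.set(key, { resources, actionNames: [] });
      }
      groups.get(key).actionNames.push(iamAction);
    }
    for (const { resources, actionNames } of groups.values()) {
      statements.push({
        Effect: 'Allow',
        Action: actionNames,
        Resource: resources === '*' ? '*' : [...resources].sort(),
      });
    }
  }

  console.log(JSON.stringify(statements, undefined, 2));
})();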